security-best-practices
Review code with secure-by-default standards, prioritize exploitable risks, and deliver minimal-diff fixes with evidence and regression checks.
Install via ClawdBot CLI:
clawdbot install ivangdavila/security-best-practices
Grade: Fair — based on market validation, documentation quality, package completeness, maintenance status, and authenticity signals.
Calls external URL not in known-safe list
https://clawic.com/skills/security-best-practices
Audited Apr 17, 2026 · audit v1.0
Generated Mar 20, 2026
A financial technology startup is developing a new payment processing API and needs to ensure it meets secure-by-default standards before launch. This skill helps systematically review authentication, input validation, and secrets handling to prioritize exploitable risks like injection attacks or data leaks, delivering minimal-diff fixes with evidence.
An e-commerce company discovers security flaws in its checkout module during a penetration test. Using this skill, the team can triage risks based on exploitability, map findings to a consistent baseline, and apply safe remediation patterns to fix issues like insecure dependencies or authorization gaps without disrupting user experience.
A healthcare provider is updating its patient management system to comply with regulations like HIPAA. This skill assists in reviewing logging, error handling, and data exposure controls, producing verifiable findings with severity scores and minimal-risk fixes to address vulnerabilities while maintaining audit trails and exception logs.
A SaaS startup wants to embed security reviews into its CI/CD pipeline to catch vulnerabilities early. This skill provides a repeatable workflow with evidence standards, helping prioritize issues like configuration safety and supply chain risks, and integrates with related skills like devops for operational safeguards.
Companies offering cloud-based services use this skill to conduct regular security reviews, ensuring their platforms remain secure against evolving threats. It helps prioritize exploitable risks and deliver actionable fixes, reducing breach risks and maintaining customer trust, which supports recurring revenue streams.
Security consulting firms leverage this skill to provide structured vulnerability assessments and remediation planning for clients. By following core rules like establishing evidence first and prioritizing exploitability, they deliver high-confidence reports that justify project fees and enhance service value.
Large enterprises developing internal or commercial software use this skill to enforce secure-by-default standards across teams. It aids in risk triage and minimal-diff fixes, reducing technical debt and compliance costs, which contributes to revenue through improved product security and reduced incident-related losses.
💬 Integration Tip
Start by reading setup.md to configure local memory files, then use review-playbook.md for systematic scans to avoid ad-hoc reviews and ensure consistent evidence collection.
Scored Apr 18, 2026